SELinux, AppArmor and Permissions

In virtually all Linux distributions, there is a security feature originally
designed by the American NSA called either SELinux or AppArmor. Its purpose
is to stop processes (such as clamd) being able to access files or
directories that they would not normally be able to access. clamd needs to be
able to access all files under /var/zendto in order to virus scan
them, but this is not in its default set of SELinux permissions.

Also, the ownership and permissions of the /var/zendto/incoming directory need to be exactly right.

In any of these cases, the fastest fix is to download the ZendTo installer and unpack it. cd into it and run whichever clamav and selinux scripts are appropriate for your distribution. The installer is designed so that you can just run parts of it separately, without running the main "install.sh". This will reinstall clamav and configure the necessary ownership, permissions and SELinux settings for you automatically.

Virtual Memory

On some systems, it appears that clamd needs to have at least as much virtual memory available as the size of the file it is scanning. It does not appear to write to this virtual memory, but it will fail if it is not available.

You can test this by adding, say, another 10GB of virtual memory to your server, like this (do this as root):
dd if=/dev/zero of=/swapfile bs=1M count=10000
mkswap /swapfile
chmod go-rwx /swapfile
swapon /swapfile
If you now look at the output of top you should see you have a lot of spare swap space/virtual memory available. Try uploading a fairly large file again, and see if it works this time.

To remove the extra swap file, do this as root:
swapoff /swapfile
rm /swapfile